44 lines
1.4 KiB
Markdown
44 lines
1.4 KiB
Markdown
---
|
||
layout: "api"
|
||
page_title: "/sys/revoke-force - HTTP API"
|
||
sidebar_current: "docs-http-system-revoke-force"
|
||
description: |-
|
||
The `/sys/revoke-force` endpoint is used to revoke secrets or tokens based on
|
||
prefix while ignoring backend errors.
|
||
---
|
||
|
||
# `/sys/revoke-force`
|
||
|
||
The `/sys/revoke-force` endpoint is used to revoke secrets or tokens based on
|
||
prefix while ignoring backend errors.
|
||
|
||
## Revoke Force
|
||
|
||
This endpoint revokes all secrets or tokens generated under a given prefix
|
||
immediately. Unlike `/sys/revoke-prefix`, this path ignores backend errors
|
||
encountered during revocation. This is _potentially very dangerous_ and should
|
||
only be used in specific emergency situations where errors in the backend or the
|
||
connected backend service prevent normal revocation.
|
||
|
||
By ignoring these errors, Vault abdicates responsibility for ensuring that the
|
||
issued credentials or secrets are properly revoked and/or cleaned up. Access to
|
||
this endpoint should be tightly controlled.
|
||
|
||
| Method | Path | Produces |
|
||
| :------- | :--------------------------- | :--------------------- |
|
||
| `PUT` | `/sys/revoke-force/:prefix` | `204 (empty body)` |
|
||
|
||
### Parameters
|
||
|
||
- `prefix` `(string: <required>)` – Specifies the prefix to revoke. This is
|
||
specified as part of the URL.
|
||
|
||
### Sample Request
|
||
|
||
```
|
||
$ curl \
|
||
--header "X-Vault-Token: ..." \
|
||
--request PUT \
|
||
https://vault.rocks/v1/sys/revoke-force/aws/creds
|
||
```
|